Upgraded to 12.8 and now can't login

M370, upgrade each time an update comes out so I keep up with it. Today is the first time I've had an issue with an upgrade. Upgraded to 12.8 from the prior version via the web and it never came out of rebooting status, although the firebox is up and all sites are working so it's passing traffic. I can't login via the Web UI or WSM now. I tried power cycling the unit as I'm not located at the data center and the problem remains. Any suggestions?

Comments

  • Do you have external logging set up such as to Dimension or to WG Cloud?
    If so, have you looked to see what is in the logs when you ty to log into the firewall?

    Have you tried access via the CLI?

  • I have not looked at the logs, I think I do have the logger setup on a server. I was able to login via CLI but I don't really know what to do via CLI but wanted to test that and it worked. It does show version 12.8 installed successfully.

  • Connect to your log sever so you can see what is happening & then try logging in to the Web UI or WSM.
    The logs should show what the issue is.

  • It doesn't appear the firebox is connected to the log server and probably for the same reason I can't login. I see the logs folder but I don't know how to view logs. Do I access files directly or is there some viewer I should be using?

  • Looks like the log server hasn't been connected for some time for some reason so that's out for now. It seems something with firebox-db not allowing me to login. But I can login via CLI.

  • Time to open a support incident
  • I did at the same time as posting this, waiting to hear from someone. It looks like, possibly from CLI review that there are no users in the Firebox-DB after this update.

  • If you can log in with the CLI, then I don't see why you can't log in with the Web UI or WSM.
    I rarely use the CLI, so I am not adept at all on the CLI commands.
    I gave up CLI interfaces ages ago over GUIs.

    Let us know what resolves the issue.

  • I opened a ticket Friday I believe and it was resolved today. I had a wildcard SSL cert set for the firebox web server certificate. And it was the default to be used. For some reason the upgrade to 12.8 revoked my certificate which is valid until mid 2023. I believe one of the release notes for 12.8 was to perform some SSL cert cleanup and it cleaned mine up causing my issue, not sure why. Fortunately we were able to use CLI to assign a temp cert and that got us in and then set the default cert back to the default firebox cert to avoid having this issue again.

Sign In to comment.